Product:

Zfs_storage_appliance_kit

(Oracle)
Repositories https://github.com/apache/httpd
#Vulnerabilities 108
Date Id Summary Products Score Patch Annotated
2022-02-16 CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 9.8
2022-02-16 CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Debian_linux, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 9.8
2022-02-18 CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 6.5
2022-02-18 CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 7.5
2022-02-18 CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 9.8
2022-02-21 CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned Ubuntu_linux, Debian_linux, Fedora, Zfs_storage_appliance_kit, Polkit, Enterprise_linux 5.5
2022-02-26 CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, Bootstrap_os, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_unified_data_repository, Mysql_workbench, Zfs_storage_appliance_kit, Libxml2 7.5
2022-03-03 CVE-2022-21716 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit, Twisted 7.5
2022-03-14 CVE-2022-22719 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit 7.5
2022-03-14 CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Enterprise_manager_ops_center, Http_server, Zfs_storage_appliance_kit 9.8